NuytsTech Security

CVE-2006-2319

by ·

Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename.

Date published : 2006-05-11

http://www.securityfocus.com/bid/17920

http://www.securityfocus.com/archive/1/433248/100/0/threaded

Tags: